Dependency generation sanity

Disable debuginfod lookups in rpmbuild scripts, there's no circumstance where rpmbuild should look up symbols from the internet. Exclude kernel modules from ELF dependency generation, kernel modules do not have DT_NEEDED style dependencies.
2023-02-16 13:15:18 +02:00 · 2023-02-16 13:15:18 +02:00 · 1cb2cea4c3
parent fa9a65dc3b
commit 1cb2cea4c3
3 changed files with 79 additions and 1 deletions
--- a/0001-Exclude-kernel-modules-from-ELF-dependency-generatio.patch
+++ b/0001-Exclude-kernel-modules-from-ELF-dependency-generatio.patch
@ -0,0 +1,28 @@
+From 3103d307063c71ff7791c2a59aacd41cfa05285c Mon Sep 17 00:00:00 2001
+Message-Id: <3103d307063c71ff7791c2a59aacd41cfa05285c.1676544357.git.pmatilai@redhat.com>
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 16 Feb 2023 12:18:02 +0200
+Subject: [PATCH 1/2] Exclude kernel modules from ELF dependency generation
+
+The kernel modules are technically ELF DSO's but we only care about
+library level dependencies which the kernel modules will never have, so
+processing them is just waste of time.
+
+This "regressed" when we dropped the "exeonly" flag from ELF in
+commit 8901a6be1652519c4875436e29e0a663be0790b7.
+---
+ fileattrs/elf.attr | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fileattrs/elf.attr b/fileattrs/elf.attr
+index 58322d3cd..21bc471b0 100644
+--- a/fileattrs/elf.attr
+++ b/fileattrs/elf.attr
+@@ -1,3 +1,4 @@
+ %__elf_provides		%{_rpmconfigdir}/elfdeps --provides
+ %__elf_requires		%{_rpmconfigdir}/elfdeps --requires
+ %__elf_magic		^(setuid,? )?(setgid,? )?(sticky )?ELF (32|64)-bit.*$
+%__elf_exclude_path	^/lib/modules/.*\.ko?(\.[[:alnum:]]*)$
+-- 
+2.39.1
+
--- a/0002-Disable-debuginfod-server-lookups-in-build-and-depen.patch
+++ b/0002-Disable-debuginfod-server-lookups-in-build-and-depen.patch
@ -0,0 +1,44 @@
+From 31356bf81c247871d6e4461565f4b33c1e6a145a Mon Sep 17 00:00:00 2001
+Message-Id: <31356bf81c247871d6e4461565f4b33c1e6a145a.1676544357.git.pmatilai@redhat.com>
+In-Reply-To: <3103d307063c71ff7791c2a59aacd41cfa05285c.1676544357.git.pmatilai@redhat.com>
+References: <3103d307063c71ff7791c2a59aacd41cfa05285c.1676544357.git.pmatilai@redhat.com>
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 16 Feb 2023 12:25:24 +0200
+Subject: [PATCH 2/2] Disable debuginfod server lookups in build and dependency
+ generator scripts
+
+With recent elfutils (0.182 or so) various seemingly innocuous tools
+such as `readelf` like to do network lookups for ELF symbol information.
+There's no circumstance where we'd want that to happen during rpmbuild,
+so disable these lookups during all spec build scriptlets and also
+dependency generator children.
+---
+ build/rpmfc.c | 1 +
+ macros.in     | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/build/rpmfc.c b/build/rpmfc.c
+index 06205469c..a69e81f44 100644
+--- a/build/rpmfc.c
+++ b/build/rpmfc.c
+@@ -316,6 +316,7 @@ static int getOutputFrom(ARGV_t argv,
+ 	rpmlog(RPMLOG_DEBUG, "\texecv(%s) pid %d\n",
+                         argv[0], (unsigned)getpid());
+ 
+	unsetenv("DEBUGINFOD_URLS");
+ 	if (buildRoot)
+ 	    setenv("RPM_BUILD_ROOT", buildRoot, 1);
+ 
+diff --git a/macros.in b/macros.in
+index 7398a0496..307086a2b 100644
+--- a/macros.in
+@@ -724,6 +724,7 @@ package or when debugging this package.\
+   LANG=C\
+   export LANG\
+   unset CDPATH DISPLAY ||:\
+  unset DEBUGINFOD_URLS ||:\
+   %{?buildroot:RPM_BUILD_ROOT=\"%{u2p:%{buildroot}}\"\
+   export RPM_BUILD_ROOT}\
+   %{?_javaclasspath:CLASSPATH=\"%{_javaclasspath}\"\
+++ b/macros.in
+-- 
--- a/rpm.spec
+++ b/rpm.spec
@ -32,7 +32,7 @@

 %global rpmver 4.18.0
 #global snapver rc1
-%global baserelease 10
+%global baserelease 11
 %global sover 9

 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@ -137,6 +137,8 @@ rpm-4.9.90-no-man-dirs.patch
 # ...
 0001-Fix-potential-uninitialized-variable-use-in-rpmtsImp.patch
 0001-Generate-Python-egg-info-from-automake-builds.patch
+0001-Exclude-kernel-modules-from-ELF-dependency-generatio.patch
+0002-Disable-debuginfod-server-lookups-in-build-and-depen.patch

 # These are not yet upstream
 rpm-4.7.1-geode-i686.patch
@ -617,6 +619,10 @@ fi
 %doc docs/librpm/html/*

 %changelog
+* Thu Feb 16 2023 Panu Matilainen <pmatilai@redhat.com> - 4.18.0-11
+- Disable debuginfod lookups in rpmbuild scripts
+- Exclude kernel modules from ELF dependency generation
+
 * Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.18.0-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild